Do you support SAML or SSO authentication? How do I set it up?

For our enterprise customers, we provide the option of authenticating with SAML single sign-on. We'll support any SAMLv2 provider, but are tested mostly with OneLogin at the moment. Please let us know if something breaks or doesn't work, and we'd be more than happy to fix it. If you do not have access to SAML, and would like to set it up, please get in touch; we'll make sure to get you set up quickly.

In this article

Get your Account ID from Tinfoil Security

  1. Visit Tinfoil Security and sign in with your administrator account.
  2. Once signed in, click the dropdown with your email or name in the top right of the dashboard, and click "My Account"
  3. Select "Security" from the tabs on the left side.
  4. Take note of your Account ID as listed underneath the "Single Sign-On" section of the page. Make sure you copy this into your clipboard or save it off somehow. Your SAML identity provider will have to provide this ID to us in order to authenticate.

Setting Up Bitium

Instructions on integrating with Bitium are accessible by clicking here.

Setting Up Centrify

Instructions on integrating with Centrify are accessible by clicking here.

Setting Up OneLogin

  1. In OneLogin, navigate to Apps > Find Apps.
  2. Search for Tinfoil Security and click add.
  3. You may edit the Display Name. Select SAML 2.0 for the connector version and click continue.
  4. You may configure the app as needed. 
  5. Add your Account ID (obtained above from Tinfoil Security) under Configuration and click Update.
  6. Select Single Sign-On, set the credentials to Configured by Admin, select Email in the Default Values menu, and Update.
  7. Now, there are two options:

 

  • Issuer URL (Easiest option):

  1. Click the Single Sign-on tab.
  2. Copy your Issuer URL and save it off. You'll need it later.

 

  • Certificate and SAML Endpoint (Harder):

  1. Click the Single Sign-on tab.
  2. Copy the URL for the SAML Endpoint next to HTTP and save it off. You'll need it later.
  3. Download your certificate by visiting this link https://app.onelogin.com/saml (you must be logged in for this to work). Save the SHA-1 fingerprint for later. You can also find the certificate SHA-1 fingerprint by navigating to Security > SAML in OneLogin.

Configuring Tinfoil Security with SAML

  1. Visit Tinfoil Security and sign in with your administrator account.
  2. Once signed in, click the dropdown with your email or name in the top right of the dashboard, and click "My Account"
  3. Select "Security" from the tabs on the left side.
  4. Check the "Enable SAML" checkbox.
  5. Make sure you type in your current password, as we'll need you to verify you're able to make these authentication changes.
  6. If, in the previous step, you chose to simply copy the Issuer URL, then paste it into the SAML Metadata URL field under "Automatic Configuration".
  7. If, instead, you chose to save the SHA-1 fingerprint and SAML Endpoint, select "Manual Configuration" and enter them under SAML POST URL and SAML Certificate Fingerprint.
  8. Hit "Save" and that should be it!

Still need help? Contact Us Contact Us